[Catalyst] ANNOUNCE: SimpleDB - Auth configuration made easy

Octavian Rasnita orasnita at gmail.com
Tue Oct 28 12:52:12 GMT 2008


From: "Simon Wilcox" <simonw at digitalcraftsmen.net>
> Matt S Trout wrote:
>> On Mon, Oct 27, 2008 at 03:51:49PM -0700, Darren Duncan wrote:
>>> Zbigniew Lukasiak wrote:
>>>>    * Your passwords are stored in the 'password' field in your users
>>>> table and are not encrypted.
>>> This is always a bad idea.  If someone ever gets direct database access, 
>>> they now know each user's mindset as to how they choose passwords
>> 
>> This is the catalyst list, not the "stating the fucking obvious" list.
> 
> If the purpose of SimpleDB is to make things simple for people with less 
> clue, why offer clear text as an option at all?
> 
> Since the best practice is to use hashed passwords, why not be 
> opinionated about it and not offer anything else?
> 
> Surely being opinionated is something we're good at around here ;-)
> 
> S.

This is true, but in that case it should also be explained how to add and modify the hashed password in the database using the simplest method.

And the simplest method could be to use the DBIC::Schema helper for creating the database schema, but in that case DBIx::Class::EncodedColumn can't be used, because the DBIC::Schema helper won't be able to update the class files.

A simple method could be to add something like this in the controllers, but is it a recommended way?

use Digest::SHA qw(sha1_hex);
# overwrite the submitted password with its digest before the form is processed
$c->req->param( password => sha1_hex( $c->req->param('password') ) );
$form->process;

Octavian
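
As an added example, not code from the original post or from SimpleDB, here is what a DBIx::Class user can do instead of digesting the request parameter in every controller: declare the column with DBIx::Class::EncodedColumn so the Result class itself hashes any value written to it, whether through create, update or the accessor. It uses bcrypt (Crypt::Eksblowfish::Bcrypt), which salts every password and is deliberately slow, rather than a bare SHA-1 digest. The MyApp::* package names, the table layout and the sample credentials are made up for the demo; it assumes DBIx::Class, DBIx::Class::EncodedColumn, Crypt::Eksblowfish::Bcrypt and DBD::SQLite are installed, and it uses an in-memory SQLite database so it runs stand-alone:

```perl
#!/usr/bin/env perl
# Added example (not code from SimpleDB or the original post): hash the
# password in the Result class instead of in each controller, so every
# write path (create, update, accessor) stores a bcrypt hash.
# Assumes DBIx::Class, DBIx::Class::EncodedColumn, Crypt::Eksblowfish::Bcrypt
# and DBD::SQLite are installed; the MyApp::* names are made up for this demo.
use strict;
use warnings;

package MyApp::Schema::Result::User;
use base 'DBIx::Class::Core';

__PACKAGE__->load_components(qw/EncodedColumn/);
__PACKAGE__->table('users');
__PACKAGE__->add_columns(
    id       => { data_type => 'integer', is_auto_increment => 1 },
    username => { data_type => 'varchar', size => 64 },
    password => {
        data_type           => 'char',
        size                => 60,   # "$2a$10$" + 22-char salt + 31-char hash
        encode_column       => 1,
        encode_class        => 'Crypt::Eksblowfish::Bcrypt',
        encode_args         => { key_nul => 0, cost => 10 },  # raise cost as hardware gets faster
        encode_check_method => 'check_password',               # verifier method generated for us
    },
);
__PACKAGE__->set_primary_key('id');
__PACKAGE__->add_unique_constraint([qw/username/]);

package MyApp::Schema;
use base 'DBIx::Class::Schema';
__PACKAGE__->register_class(User => 'MyApp::Schema::Result::User');

package main;

# In-memory SQLite so the script runs stand-alone; the table is created by
# hand to avoid needing SQL::Translator for $schema->deploy.
my $schema = MyApp::Schema->connect('dbi:SQLite:dbname=:memory:');
$schema->storage->dbh->do(<<'SQL');
CREATE TABLE users (
    id       INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(64) NOT NULL UNIQUE,
    password CHAR(60)    NOT NULL
)
SQL

my $users = $schema->resultset('User');
my $plain = 'correct horse battery staple';   # constructed sample credential

# Plaintext goes in; EncodedColumn's new/set_column hook stores the hash.
my $alice = $users->create({ username => 'alice', password => $plain });
die "password stored in clear text!" if $alice->password eq $plain;
printf "stored value: %s (%d chars)\n", $alice->password, length $alice->password;

# Login: look the user up by username, then verify with the generated method.
# Never query by password; the stored value is a hash, not the secret.
my $login = $users->find({ username => 'alice' });
printf "correct password accepted: %s\n", $login->check_password($plain) ? 'yes' : 'no';
printf "wrong password rejected:   %s\n", $login->check_password('Tr0ub4dor&3') ? 'no' : 'yes';

# Password change: update() runs through the same hook, so it is hashed too,
# and bcrypt draws a fresh random salt, so the stored value changes.
my $old_hash = $login->password;
$login->update({ password => 'a different passphrase' });
printf "hash changed on update: %s\n", $login->password ne $old_hash ? 'yes' : 'no';
printf "old password now fails: %s\n", $login->check_password($plain) ? 'no' : 'yes';
```

Two caveats before relying on this: bcrypt only uses the first 72 bytes of the password, so very long passphrases are silently truncated; and because every assignment to the column is hashed, never write an already-hashed value back through the accessor (for instance when copying a row), or it will be hashed a second time and the user can no longer log in.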
